The X.509 protocols rely on a hierarchical trust model. In this trust model, Certification Authorities (CAs) are used to certify entities. Usually more than one certification authority exists, and certification authorities may certify other authorities to issue certificates as well, following a hierarchical model.
One needs to trust one or more CAs for secure communications. In that case, only the certificates issued by the trusted authorities are acceptable. The framework is illustrated in Figure 4.1.
• X.509 certificate structure
• Importing an X.509 certificate
• X.509 certificate names
• X.509 distinguished names
• X.509 extensions
• X.509 public and private keys
• Verifying X.509 certificate paths
• Verifying a certificate in the context of TLS session
• Verification using PKCS11